Hide email address of specific sender
Hi,
I have had a request from a specific sender that their email address be hidden from postings (kinda like what the munging in the DMARC action does). Is there a way to do this for this *one* member only?
Mailman 2.1.20 here.
Thanks. Andrew.
On 06/08/2015 10:25 AM, Andrew Hodgson wrote:
I have had a request from a specific sender that their email address be hidden from postings (kinda like what the munging in the DMARC action does). Is there a way to do this for this *one* member only?
Mailman can't do it without some kludgy hack to the source. Also, Munge
From actions take great pains to ensure that the original From: address is exposed in either Reply-To: or Cc: depending on other list settings.
The user can do it herself. If the envelope sender (Unix From) or the Sender: header (if any) of the message is a list member, the post will be considered to be from a list member even if the From: address is not. Both the envelope sender and Sender: header of the delivered post are replaced with the list-bounces address, so the original contents are not exposed to the list.
So, if she sends her post with headers like
To: the_list@... Sender: her_real_address@... From: the_list_or_some_bogus_address@...
The post will be considered by Mailman to be from a member, and her member address won't be exposed. Of course, she needs to use an MUA that allows her to manipulate these headers.
-- Mark Sapiro mark@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Another option is to suggest to the member that they get a “throwaway” email address just for the list.
Regards, Larry
On Jun 8, 2015, at 3:12 PM, Mark Sapiro mark@msapiro.net wrote:
On 06/08/2015 10:25 AM, Andrew Hodgson wrote:
I have had a request from a specific sender that their email address be hidden from postings (kinda like what the munging in the DMARC action does). Is there a way to do this for this *one* member only?
Mailman can't do it without some kludgy hack to the source. Also, Munge From actions take great pains to ensure that the original From: address is exposed in either Reply-To: or Cc: depending on other list settings.
The user can do it herself. If the envelope sender (Unix From) or the Sender: header (if any) of the message is a list member, the post will be considered to be from a list member even if the From: address is not. Both the envelope sender and Sender: header of the delivered post are replaced with the list-bounces address, so the original contents are not exposed to the list.
So, if she sends her post with headers like
To: the_list@... Sender: her_real_address@... From: the_list_or_some_bogus_address@...
The post will be considered by Mailman to be from a member, and her member address won't be exposed. Of course, she needs to use an MUA that allows her to manipulate these headers.
-- Mark Sapiro mark@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/finches%40portadmiral....
-- Larry Finch finches@portadmiral.org
Mark Sapiro writes:
To: the_list@... Sender: her_real_address@... From: the_list_or_some_bogus_address@...
*Don't* recommend using a bogus address -- that requires skill on the part of the user. The list address is "known good", use that.
Problem example: if she's not at yahoo.com and uses a fake yahoo.com address, DMARC will cause bounces from random users whose providers respect p=reject. Of course you can mitigate this, but it's just *one* example, there are plenty of other ways this could go wrong, and explaining the constraints to the user just isn't worth the effort.
Larry's answer (get a throwaway address) is the one that protects her privacy best, though. A sufficiently persistent attacker can probably trace her through the authenticating IP, but that would be a lot of effort. Use of an alias (eg, AOL screen name) or the Sender header probably exposes her "real" mailbox far too much for her comfort.
On Mon, 08 Jun 2015 18:25:22 +0100, Andrew Hodgson
andrew@hodgsonfamily.org wrote:
I have had a request from a specific sender that their email address be
hidden from postings (kinda like what the munging in the DMARC action
does). Is there a way to do this for this *one* member only?
Mark's solution is technically better but, for just one poster, might it
be practical to solve the problem with two subscriptions? The 'proper'
address can be used for receiving messages (and can be set moderated as a
safeguard against exposing it) and the poster can use another
address/account (a fake or maybe a dummy gmail account) set to 'nomail'
for posting.
= Malcolm.
-- Malcolm Austen malcolm.austen@weald.org.uk GENUKI trustee genuki@weald.org.uk Pedigree User Group chairman@pugweb.org.uk Oxfordshire FHS webmaster@ofhs.org.uk FFHS Communications Officer communications@ffhs.org.uk
participants (5)
-
Andrew Hodgson
-
Larry Finch
-
Malcolm Austen
-
Mark Sapiro
-
Stephen J. Turnbull